Do you have a specific guide or sequence you followed?

1. apt-get install slapd krb5* heimdal-kdc .. etc?

And then the various config changes applied?

I'll keep digging.


On Wed, Jul 20, 2016 at 11:31 AM, Kartik Subbarao <[email protected]>
wrote:

> Hi Ryan,
>
> Thanks for looking into this. Unfortunately I don't have much to add to
> my earlier response in this thread. Here are the only kerberos-related
> types of lines that I have in slapd.conf:
>
> authz-regexp
>     uid=([^,]*),cn=([^,]*),cn=gssapi,cn=auth
>     ldap:///dc=example,dc=com??sub?(exampleKrb5PrincipalName=$1@$2)
> sasl-realm EXAMPLE.COM
> sasl-secprops minssf=0
>
> As I mentioned before, I do have an /etc/krb5.keytab. ldapwhoami -Y
> GSSAPI works fine. I don't know precisely how slapd ends up using kcm.
> slapd is linked with libheimbase.so.1, so presumably it ends up calling
> some heimdal library function that ends up accessing that socket.
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1472639
>
> Title:
>   apparmor profile denied for kerberos:  /run/.heim_org.h5l.kcm-socket
>
> To manage notifications about this bug go to:
>
> https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1472639/+subscriptions
>

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1472639

Title:
  apparmor profile denied for kerberos:  /run/.heim_org.h5l.kcm-socket

Status in openldap package in Ubuntu:
  Incomplete

Bug description:
  The slapd apparmor profile doesn't allow access to
  /run/.heim_org.h5l.kcm-socket which is used by kerberos:

  apparmor="DENIED" operation="connect" profile="/usr/sbin/slapd"
  name="/run/.heim_org.h5l.kcm-socket" pid=61289 comm="slapd"
  requested_mask="wr" denied_mask="wr" fsuid=389 ouid=0

  This is as of 2.4.40+dfsg-1ubuntu1.
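
The denial record in the bug description can be turned into a candidate profile rule mechanically. The following is an added example, not part of the bug report or of the openldap package; the function names are hypothetical, the sample line is the record above joined onto one line, and the resulting rule is a suggestion to review, not the fix the package shipped.

```python
import shlex

# Constructed input: the denial quoted in the bug description, joined onto one line.
SAMPLE = ('apparmor="DENIED" operation="connect" profile="/usr/sbin/slapd" '
          'name="/run/.heim_org.h5l.kcm-socket" pid=61289 comm="slapd" '
          'requested_mask="wr" denied_mask="wr" fsuid=389 ouid=0')

PERM_ORDER = "rwalkmx"                 # display order only
AUDIT_TO_RULE = {"c": "w", "d": "w"}   # create/delete in the log are covered by 'w'


def parse_denial(line):
    """Return the key=value fields of an AppArmor record, or None if not a denial."""
    fields = {}
    for token in shlex.split(line):    # shlex strips the double quotes around values
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    return fields if fields.get("apparmor") == "DENIED" else None


def candidate_rule(fields):
    """Build a file rule that would cover the denied access."""
    perms = {AUDIT_TO_RULE.get(c, c) for c in fields["denied_mask"]}
    ordered = "".join(sorted(perms, key=PERM_ORDER.find))
    path = fields["name"]
    if any(c.isspace() for c in path):
        path = '"%s"' % path           # paths with whitespace must be quoted
    # An 'owner' rule only matches when the process fsuid equals the object's
    # owner uid. Here slapd runs as uid 389 and the socket is owned by uid 0,
    # so an 'owner'-qualified rule would not permit the connect.
    prefix = "owner " if fields.get("fsuid") == fields.get("ouid") else ""
    return "%s%s %s," % (prefix, path, ordered)


if __name__ == "__main__":
    record = parse_denial(SAMPLE)
    print("profile:", record["profile"])
    print("rule   :", candidate_rule(record))
```
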
